Windows Defender deletes the script. :/ Guessing I can't do anything besides adding manually an exclusion for that folder within Defender, right?
Powershell -C "Get-MpPreference" Code: AttackSurfaceReductionOnlyExclusions : AttackSurfaceReductionRules_Actions : AttackSurfaceReductionRules_Ids : CheckForSignaturesBeforeRunningScan : False CloudBlockLevel : 0 CloudExtendedTimeout : 0 ComputerID : ControlledFolderAccessAllowedApplications : ControlledFolderAccessProtectedFolders : DisableArchiveScanning : True DisableAutoExclusions : True DisableBehaviorMonitoring : True DisableBlockAtFirstSeen : True DisableCatchupFullScan : True DisableCatchupQuickScan : True DisableEmailScanning : True DisableIntrusionPreventionSystem : DisableIOAVProtection : True DisablePrivacyMode : True DisableRealtimeMonitoring : True DisableRemovableDriveScanning : True DisableRestorePoint : True DisableScanningMappedNetworkDrivesForFullScan : True DisableScanningNetworkFiles : True DisableScriptScanning : True EnableControlledFolderAccess : 0 EnableFileHashComputation : False EnableLowCpuPriority : False EnableNetworkProtection : 0 ExclusionExtension : ExclusionPath : ExclusionProcess : HighThreatDefaultAction : 0 LowThreatDefaultAction : 0 MAPSReporting : 0 ModerateThreatDefaultAction : 0 PUAProtection : 0 QuarantinePurgeItemsAfterDelay : 0 RandomizeScheduleTaskTimes : False RealTimeScanDirection : 0 RemediationScheduleDay : 8 RemediationScheduleTime : 00:00:00 ReportingAdditionalActionTimeOut : 0 ReportingCriticalFailureTimeOut : 0 ReportingNonCriticalTimeOut : 0 ScanAvgCPULoadFactor : 5 ScanOnlyIfIdleEnabled : False ScanParameters : 0 ScanPurgeItemsAfterDelay : 0 ScanScheduleDay : 8 ScanScheduleQuickScanTime : 00:00:00 ScanScheduleTime : 00:00:00 SevereThreatDefaultAction : 0 SharedSignaturesPath : SignatureAuGracePeriod : 0 SignatureDefinitionUpdateFileSharesSources : SignatureDisableUpdateOnStartupWithoutEngine : True SignatureFallbackOrder : 0 SignatureFirstAuGracePeriod : 0 SignatureScheduleDay : 8 SignatureScheduleTime : 00:00:00 SignatureUpdateCatchupInterval : 0 SignatureUpdateInterval : 0 SubmitSamplesConsent : 2 ThreatIDDefaultAction_Actions : ThreatIDDefaultAction_Ids : UILockdown : True UnknownThreatDefaultAction : 0 PSComputerName : My Result to permanently Disable Defender not coming back in any scenario.
New Update by St1ckys on his Github Stuff Repo [ Permanently Uninstall Defender Win10 & 11 ] Clear Pwsh Scr : https://github.com/St1ckys/Stuff/blob/main/Windows.10.Defender_Uninstall.ps1
Bat Script to remove Defender Packages Using same St1ckys Method : Code: @echo off Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Write-Host 'Removing Defender Permanently' -EA SilentlyContinue -ForegroundColor Green -Verbose" Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Set-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\*Windows-Defender*' -Name Visibility -Value 1 -Force -EA SilentlyContinue -Verbose" Powershell -C "Remove-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\*Windows-Defender*' -Include *Owner* -Recurse -Force -EA SilentlyContinue -Verbose" Powershell -C "Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\*Windows-Defender*' -Name | ForEach-Object {dism /online /remove-package /PackageName:$_ /NoRestart}"
now I have 3 ways to completely remove this s**t make sure it really gone, maybe delete the whole folder is not enough Code: call :export cson > "%temp%\Windows.10.Defender_Uninstall.ps1" >nul 2>&1 powershell -noprofile -executionpolicy bypass -file "%temp%\Windows.10.Defender_Uninstall.ps1" for %%A IN (WinDefend, WdBoot, WdFilter, Sense, WdNisDrv, WdNisSvc) do ( >nul 2>&1 sc config %%A start=disabled >nul 2>&1 sc stop %%A >nul 2>&1 reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\%%A" /f ) for %%A IN (SecurityHealthService.exe, SecurityHealthSystray.exe, smartscreen.exe, MpCmdRun.exe) do >nul 2>&1 taskkill /im %%A >nul 2>&1 reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender" /f >nul 2>&1 reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe" /f set Key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features" >nul 2>&1 call :reg_own !key! "" S-1-5-114 "" Allow FullControl >nul 2>&1 call :reg_own !key! "" S-1-5-32-544 "" Allow FullControl >nul 2>&1 REG ADD !Key! /f /v DisableAntiSpyware /t REG_DWORD /d 1 >nul 2>&1 REG ADD !Key! /f /v TamperProtection /t REG_DWORD /d 0 >nul 2>&1 call :DestryFolder "%ProgramFiles%\Windows Defender" >nul 2>&1 call :DestryFolder "%ProgramFiles(x86)%\Windows Defender" >nul 2>&1 call :DestryFolder "%ALLUSERSPROFILE%\Windows Defender" >nul 2>&1 call :DestryFolder "%ProgramFiles%\Windows Defender Advanced Threat Protection" >nul 2>&1 call :DestryFolder "%ProgramFiles(x86)%\Windows Defender Advanced Threat Protection" >nul 2>&1 call :DestryFolder "%ALLUSERSPROFILE%\Microsoft\Windows Defender Advanced Threat Protection"
Massive Usability Improvements for 2022! - my RunAsTI context menu .reg for folders and files (exe, msc, bat, cmd, reg), even shows up on the s**tty Windows 11 - RunAsTI simplified (just one variant - the best one) and with improved cmd + arguments parsing. Works with any paths! - reg_own with powershell style arguments, much improved handling of recursively denied permissions (when you don't even have access to view them), -list switch will show rights even when regedit fails!
@BAU The issue i reported here couple of months ago is still present though: https://forums.mydigitallife.net/th...ets-for-power-users.83479/page-3#post-1699308 If you could confirm i'd appreciate it, just to make sure if my system has some problem or not
No, it's your system. Here's how it behaves on 11 release or dev (slow VM): Much faster on real machine, ultra faster on 10 / 7
Fixed that typo! And added Open Powershell as trustedinstaller entry on directory background (RunAsTI.reg)
You mean you can reproduce that behavior on release channel but not on dev? I was thinking about doing an in-place upgrade but if that's the case...
Yep, I can now reproduce it on a clean install up-to-date release 11. On dev it's been fine. It starts with an empty non-responsive window, that later gets painted and it recovers.
2022.01.28: workaround for 11 release (22000) hindering explorer as TI; fix 7 args Please test the new workaround! I'm using control admintools since that one is not hindered, then sendkeys with the location - I know, crazy, but it works!
Works good, ty! UI a bit bugged (at least when using dark theme) but that's just Windows being Windows
If you just copy pasted the script without modifications in powershell, it is gonna open an explorer window at Control Panel\System and Security\Administrative Tools (as TI). From there you can just select Registry Editor, or Ctrl+L for address bar and enter there regedit Or use it as a function (like instructed): first copy-paste RunAsTI snippet in powershell - it's clearly delimited between ######################################################### then simply enter: RunAsTI regedit See more examples under USAGE - like launching programs with parameters: RunAsTI cmd '/k "whoami /all & color e0"' - or launch powershell as TI (because in your screenshot you're still in the normal powershell): RunAsTI powershell